Security Control and Data Planes of SDN: A Comprehensive Review of Traditional, AI, and MTD Approaches to Security Solutions

Abdinasir Hirsi Abdi; Lukman Audah; Adeb Salh; Mohammed A. Alhartomi; Haroon Rasheed; Salman Ahmed; Ahmed Tahir

doi:10.1109/ACCESS.2024.3393548

IEEE Access (Jan 2024)

Security Control and Data Planes of SDN: A Comprehensive Review of Traditional, AI, and MTD Approaches to Security Solutions

Abdinasir Hirsi Abdi,
Lukman Audah,
Adeb Salh,
Mohammed A. Alhartomi,
Haroon Rasheed,
Salman Ahmed,
Ahmed Tahir

Affiliations

Abdinasir Hirsi Abdi: ORCiD; Advanced Telecommunication Research Center (ATRC), Faculty of Electrical and Electronic Engineering, Universiti Tun Hussein Onn Malaysia, Parit Raja, Malaysia
Lukman Audah: ORCiD; Advanced Telecommunication Research Center (ATRC), Faculty of Electrical and Electronic Engineering, Universiti Tun Hussein Onn Malaysia, Parit Raja, Malaysia
Adeb Salh: ORCiD; Faculty of Information and Communication Technology, University Tunku Abdul Rahman (UTAR), Kampar, Malaysia
Mohammed A. Alhartomi: ORCiD; Department of Electrical Engineering, University of Tabuk, Tabuk, Saudi Arabia
Haroon Rasheed: ORCiD; Department of Electrical Engineering, Bahria University Karachi Campus, Karachi, Pakistan
Salman Ahmed: ORCiD; VLSI and Embedded Technology (VEST) Focus Group, Faculty of Electrical and Electronic Engineering, Universiti Tun Hussein Onn Malaysia, Parit Raja, Malaysia
Ahmed Tahir: ORCiD; Engineering Department, Somtel Telecommunication Company, Bosaso, Bari, Somalia

DOI: https://doi.org/10.1109/ACCESS.2024.3393548
Journal volume & issue: Vol. 12
pp. 69941 – 69980

Abstract

Read online

Software-Defined Networking (SDN) is a groundbreaking technology that has transformed network management significantly. By integrating data and control, SDN offers unparalleled flexibility and responsiveness, thereby overcoming the limitations of conventional network architectures. However, a centralized controller, which is a hallmark of SDN, is a double-edged security sword that offers easy control. This also becomes a dangerous point of failure for the entire network. To the best of our knowledge, this is the first comprehensive study to explore traditional-based, artificial intelligence (AI)-based, and moving target defense (MTD) approaches to securing SDN. The study begins with a survey of traditional security solutions for SDN, encompassing authentication, authorization, encryption, security protocols, firewalls, and flow verification, by addressing security threats and vulnerabilities in both data and control planes. The study then investigates the application of AI-based security solutions in an SDN environment, focusing on how Machine Learning (ML) and Deep Learning (DL) techniques are leveraged to address advanced security threats. Additionally, the survey examines MTD mechanisms within data and control plane security. Several in-depth techniques, including the randomization of Internet Protocol (IP) and Media Access Control (MAC) addresses, port numbers, and flow tables, and delving into the relationship between security threats, MTD strategies, and the specific controllers employed in experimental implementations. We utilized the widely recognized STRIDE cybersecurity framework to systematically identify and evaluate the potential threats to SDN security. Our analysis resulted in a comprehensive list of security challenges, and we propose future research directions aimed at addressing emerging threats in both the data and control planes.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords